This is topic Anti-Hack Help, Please in forum Books, Films, Food and Culture at Hatrack River Forum.


To visit this topic, use this URL:
http://www.hatrack.com/ubb/main/ultimatebb.php?ubb=get_topic;f=2;t=033150

Posted by rivka (Member # 4859) on :
 
The front page of another forum I frequent currently redirects you here. So very charming. [Razz] Direct links to internal categories work fine. A message posted by one of the admins over 2 hours ago implies that they are attempting to deal with the problem, but perhaps do not know how.

Some of you must know of a patch(es)?
 
Posted by quidscribis (Member # 5124) on :
 
Patches and what not will depend on what version of which bulletin board system they're using. phpBB, for example, is commonly hacked and targeted because a. it's fairly easy, relatively speaking and b. it's fairly popular, so it's easy to find targets.

They should go to the support site for the software they use and see what's available.
 
Posted by rivka (Member # 4859) on :
 
They are using phpBB 2.0.10, according to what I can see.

And likely they ARE in contact with the support site. I just thought one of the Hatrack Experts ™ might have a suggestion I could pass along.
 
Posted by fugu13 (Member # 2859) on :
 
Yeah, there's a long known vulnerability for the version of phpBB they're running. Do as the hackers suggest and all will be fine.
 
Posted by rivka (Member # 4859) on :
 
Should it take long for them to update to the newer version? Judging by the lack of recent posts, not many people know about the back doors.
 
Posted by fugu13 (Member # 2859) on :
 
They could roll it out in five or ten minutes if they know what they're doing.
 
Posted by TheTick (Member # 2883) on :
 
It happened at my site a while back. What happens is a hacker can get in basically as if they were the admin account. What I was able to do was edit the database of the board (via mysqladmin) and change the e-mail address of the main admin account back to my own. Then I could do the e-mail to change the password back. Once they've done that, they should deactivate the board and apply the update, followed by restoring the backup of the DB. Assuming they have a recent one, which I didn't. [Embarrassed]
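The recovery TheTick describes (put the admin's e-mail back, reset the password, take the board offline) rehearsed as an added example; this is not code from the thread or from phpBB. It runs against an in-memory SQLite stand-in for the MySQL tables, and assumes the phpBB 2.0.x conventions: the `phpbb_users` columns shown, `user_level = 1` meaning administrator, an unsalted MD5 hex digest in `user_password`, and `board_disable` in `phpbb_config`. Usernames and addresses are constructed.

```python
"""Taking a hijacked phpBB 2.0.x admin account back through the database.

Added example (not from the thread or from phpBB). Assumptions: column names
and the user_level=1 administrator convention are those of phpBB 2.0.x, and
passwords are stored as md5(plaintext) hex, as 2.0.x did. Sample data is
constructed; the SQL is the same on the real MySQL board.
"""
import hashlib
import sqlite3

ADMIN_LEVEL = 1  # phpBB 2.0.x: 0 = user, 1 = administrator, 2 = moderator


def phpbb2_password_hash(plaintext: str) -> str:
    # phpBB 2.0.x compares md5($password) against user_password.
    return hashlib.md5(plaintext.encode("utf-8")).hexdigest()


def build_compromised_board() -> sqlite3.Connection:
    """Constructed sample: the intruder rewrote the admin's e-mail and promoted a throwaway user."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE phpbb_users (
            user_id INTEGER PRIMARY KEY, username TEXT, user_password TEXT,
            user_email TEXT, user_level INTEGER, user_active INTEGER);
        CREATE TABLE phpbb_sessions (session_id TEXT, session_user_id INTEGER);
        CREATE TABLE phpbb_config (config_name TEXT PRIMARY KEY, config_value TEXT);
        INSERT INTO phpbb_users VALUES (2, 'admin',  'd41d8cd98f00b204e9800998ecf8427e', 'attacker@example.invalid',  1, 1);
        INSERT INTO phpbb_users VALUES (3, 'alice',  'd41d8cd98f00b204e9800998ecf8427e', 'alice@example.invalid',     0, 1);
        INSERT INTO phpbb_users VALUES (4, 'newguy', 'd41d8cd98f00b204e9800998ecf8427e', 'throwaway@example.invalid', 1, 1);
        INSERT INTO phpbb_sessions VALUES ('s1', 2), ('s2', 3), ('s3', 4);
        INSERT INTO phpbb_config VALUES ('board_disable', '0');
    """)
    return conn


def admins(conn) -> list:
    rows = conn.execute(
        "SELECT username FROM phpbb_users WHERE user_level = ? ORDER BY user_id",
        (ADMIN_LEVEL,))
    return [r[0] for r in rows]


def take_back_board(conn, admin_username, owner_email, new_password, legit_admins):
    """Restore control of the account and lock the board until the code is patched."""
    with conn:
        # 1. Put the owner's address back and set a password the intruder does not know.
        conn.execute(
            "UPDATE phpbb_users SET user_email = ?, user_password = ? WHERE username = ?",
            (owner_email, phpbb2_password_hash(new_password), admin_username))
        # 2. Demote every administrator that is not on the known-good list.
        placeholders = ",".join("?" * len(legit_admins))
        conn.execute(
            "UPDATE phpbb_users SET user_level = 0 "
            "WHERE user_level = ? AND username NOT IN (" + placeholders + ")",
            (ADMIN_LEVEL, *legit_admins))
        # 3. Drop all sessions so the intruder's logged-in session dies with the rest.
        conn.execute("DELETE FROM phpbb_sessions")
        # 4. Take the board offline (phpBB 2 reads board_disable from phpbb_config).
        conn.execute(
            "UPDATE phpbb_config SET config_value = '1' WHERE config_name = 'board_disable'")
    email, pw_hash = conn.execute(
        "SELECT user_email, user_password FROM phpbb_users WHERE username = ?",
        (admin_username,)).fetchone()
    return {
        "admins": admins(conn),
        "admin_email": email,
        "password_ok": pw_hash == phpbb2_password_hash(new_password),
        "open_sessions": conn.execute("SELECT COUNT(*) FROM phpbb_sessions").fetchone()[0],
        "board_disabled": conn.execute(
            "SELECT config_value FROM phpbb_config WHERE config_name = 'board_disable'"
        ).fetchone()[0] == "1",
    }


if __name__ == "__main__":
    db = build_compromised_board()
    print("admins before:", admins(db))
    print(take_back_board(db, "admin", "owner@example.invalid", "fresh-pass", ["admin"]))
```

Two things worth noting. Listing administrators before touching anything matters because the thread's scenario (someone "basically as if they were the admin account") lets the intruder add a second admin, and resetting only your own password leaves that one in place. And none of this removes the exploitable code: the board stays vulnerable until the upgrade the rest of the thread argues about is applied, so the disable step is there to keep the window shut in the meantime.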
 
Posted by fugu13 (Member # 2859) on :
 
It sounds like rivka's forums are pretty much intact, there's just a redirect in place of the front page.
 
Posted by TheTick (Member # 2883) on :
 
Unless someone actually got the login for the hosting account and not just the forum admin stuff, they should be able to make the site redirect anywhere. That I can see.
 
Posted by quidscribis (Member # 5124) on :
 
One thing to consider, though, is that frequently, the hackers will leave behind a file that will allow them access to the forum again, even after the site has been hacked. The webmaster, if s/he knows what s/he's doing, will go through all the logs and/or all the files/folders and search for any such things or any other changes that were made.

There is also at least one hack out there that allows for full access to the webserver. As in, that harddrive where hundreds or thousands of websites are stored. Bad, very very bad.
 
Posted by fugu13 (Member # 2859) on :
 
Yes, the easiest way to do that is often to have all the files in question restored from backup, then add any modifications since the (hopefully nightly) backup.

Since most things should be stored in a database, this shouldn't take long with cooperation by the ISP. In fact, since in the case of a message board most of the files will just be stuff used by the message board, in the upgrade most of them will be ditched anyways.
 
Posted by rivka (Member # 4859) on :
 
The forums (as far as I can tell) are entirely intact -- except for the front-page redirect.

I wonder if the problem is that many of the admin-types are in Israel, where it's still fairly early in the day.

*sigh* Oh, well. They'll fix it sooner or later. *twiddles thumbs*
 
Posted by TheTick (Member # 2883) on :
 
Ah, I see. This is a different exploit. I was at least a bit more up to date than these folks.

link

(I think I was hit by the worm, which just defaces. The actual exploit leaves them much more vulnerable)

[ March 30, 2005, 01:34 AM: Message edited by: TheTick ]
 
Posted by fugu13 (Member # 2859) on :
 
While one can't be sure without an audit or a pave-and-replace, most hackers are actually pretty good about not leaving back doors to uninteresting servers like theirs -- they just have an intense dislike of unpatched software that leads to their illicit behavior. In fact, some hackers patch minor problems after they crack them (this happened at Beloit a while ago, where Bernard works -- they hacked them through an exploit in a single file, put up a notice, fixed the exploit, and left).

One reason hackers are particularly annoyed at this security vulnerability is it's the result of some particularly atrocious programming practices.

Note: while I'd guess most hackers wouldn't leave a back door around, partly because most hackers aren't in it for evil purposes, but out of feelings of rebellion, a lot certainly would. Always check, or take steps that preclude the possibility.
 
Posted by quidscribis (Member # 5124) on :
 
Fahim is a sys-admin for a web hosting company in the US, and he gets to deal with the customers who've been defaced or otherwise exploited and don't have a clue what's going on or what to do. It's from him that I've been hearing about back-door files left in place and all the rest.

In other words, he probably hears a bit more about it than most folks. [Frown]
 
Posted by rivka (Member # 4859) on :
 
[Grumble]

The admins are trying to find a way around the hack that doesn't involve updating, because that would be giving in to extortion.

*blink* [Wall Bash]

I linked 'em to the official phpBB page recommending the update . . . *sigh*
 
Posted by fugu13 (Member # 2859) on :
 
*snort*

Ah, idiot admins . . . how thrilling.

If that's their attitude, it's pretty clear they're slightly clueless about things internet.
 
Posted by fugu13 (Member # 2859) on :
 
Oh, and you should point out it's not extortion -- it's right out there in public that they haven't been following security issues with their software properly, and there's no threat of anything further should they not comply (though I suppose there's the implied threat -- if they don't upgrade, some other hacker is going to come by and do the same thing again and again!).

Theoretically they could find a way to fix it by hand, but I severely doubt they're that competent.

I'm not saying email the guy, that would be a step too far, but the upgrade is widely known about and used, plus easy to perform.

*shakes head at some of the people they allow out on the complicated internet*
 
Posted by quidscribis (Member # 5124) on :
 
[Dont Know] People are dumb. That's my motto. [Dont Know]
 
Posted by jebus202 (Member # 2524) on :
 
That's my motto too!
 
Posted by Bob_Scopatz (Member # 1227) on :
 
Looks like we pay a visit to Montevideo and pick up the thread from there...

<dons black hat and swirly cape>
<selects appropriate cane tips>

quote:
Registration and WHOIS Service Provided By: directNIC.com

Intercosmos Media Group, Inc. provides the data in the directNIC.com
Registrar WHOIS database for informational purposes only. The information
may only be used to assist in obtaining information about a domain name's
registration record.

directNIC makes this information available "as is," and does not guarantee
its accuracy.

Registrant:
Live Interactive S.R.L.
Wilson F. Aldunate 1342
Montevideo, Montevideo 11100
UY
(2) 901 50 64
Fax:(2) 209 15 18

Domain Name: TRANS69.COM

Administrative Contact:
Caetano, Martin hosting@liveinteractive.net
Wilson F. Aldunate 1342
Montevideo, Montevideo 11100
UY
(2) 901 50 64
Fax:(2) 209 15 18

Technical Contact:
Caetano, Martin hosting@liveinteractive.net
Wilson F. Aldunate 1342
Montevideo, Montevideo 11100
UY
(2) 901 50 64
Fax:(2) 209 15 18

Record last updated 02-26-2003 07:47:06 AM
Record expires on 09-13-2005
Record created on 09-13-2002

Domain servers in listed order:
NS1.SPONSORADULTO.COM 66.115.176.75
NS2.SPONSORADULTO.COM 66.115.176.77

By submitting a WHOIS query, you agree you will use this data only for
lawful purposes. You also agree that, under no circumstances, will you use
this data to: a) allow, enable, or otherwise support the transmission by
email, telephone, or facsimile of mass, unsolicited, commercial advertising
or solicitations to entities other than the data recipient's own existing
customers; or to (b) enable high volume, automated, electronic processes
that send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar.

The compilation, repackaging, dissemination, or other use of this WHOIS
data is expressly prohibited without the prior written consent of
directNIC.com.

directNIC.com reserves the right to terminate your access to its WHOIS
database in its sole discretion, including without limitation, for
excessive querying of the database or for failure to otherwise abide by
this policy.

directNIC reserves the right to modify these terms at any time.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY.
LACK OF A DOMAIN RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.


 
Posted by rivka (Member # 4859) on :
 
Sounds like they are at least considering the update now.

I just wish they would do it already. I was in the middle of several discussions.
 
Posted by Farmgirl (Member # 5567) on :
 
Well, it was bad enough when we used to have to worry about SPAM.

But now we have to worry about SPIM (spam over IM)
and
SPIT (spam over internet telephony)

and likewise,

Now, instead of just Phishing we have to worry about
Pharming -- a new technique for Internet fraud
which involves interfering with the name resolution process on the Internet.
Name resolution system modification so the user thinks they are accessing the IP of the named site, with
anonymous proxy servers being particularly vulnerable.

*sigh*

The bad guys are getting better..

Farmgirl
 
Posted by rivka (Member # 4859) on :
 
I was rather flabbergasted at that one myself.

Although I guess Leo might have been kidding.
 
Posted by Morbo (Member # 5309) on :
 
I agree, adam, that is very funny. [ROFL]
quote:
I just wish they would do it already. I was in the middle of several discussions.
Rivka sweetie, umm, just HOW many internet forums do you really need? Is it time for a virtual intervention at one of your many forums? I'll bring the dip. [Wink]
 
Posted by rivka (Member # 4859) on :
 
[Eek!] NO!!! I need them all!

Anyway, if I had to choose between this one (where I can use Hebrew and Yiddish phrases, and be understood) and some of my others, I'd choose this one.

Not over Hatcrack, of course, but that goes without saying.
 
Posted by Morbo (Member # 5309) on :
 
I think you're in denial, Rivka. [No No]
"some of my others"

*shakes head sadly*

We talking double digits here?

*puts intervention on standby alert*
 
Posted by saxon75 (Member # 4589) on :
 
This reminds me, I need to bring sakeriver up-to-date again.
 
Posted by rivka (Member # 4859) on :
 
Double-digits?

Uh . . . *counts* No.

And I'm not in denial -- I know I'm addicted.



In other news, the front page is fixed. And we're still using the old version. [Roll Eyes] The good news is that I'm now one of several people agitating for an upgrade.
 


Copyright © 2008 Hatrack River Enterprises Inc. All rights reserved.
Reproduction in whole or in part without permission is prohibited.


Powered by Infopop Corporation
UBB.classic™ 6.7.2